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Qualys Scanner - Static Route Configuration 


Qualys allows the configuration of static routes on both virtual and physical scanners. This 
allows the scanner to direct non-local traffic to the appropriate gateway address when this 
address is not the default gateway. This configuration may be useful when a scanner is placed 
on a transit network containing multiple routers for different destinations, such as for remote 
facilities or business partner network connections. 


Required Information © 


In order to configure your appliance with static routes 
you will need the following information: 


Gateway IP address - The scanner-facing IP address of 

the router or gateway. There is no requirement for ee 
uniqueness, the same gateway may be used for multiple 

target networks. 


Target network address in CIDR format - The =e 
gateway/target network pair must be unique. The same 

gsateway/target network pair cannot be defined in 

another static route configuration for the same 

appliance. The target network must have a valid starting u Cw! 

IP address for the target mask provided. 


A route name to identify the static route configuration in = = 
the static routes list. 


Limitations 


Public/Private cloud provider distributions and offline scanner appliances do not support static 
routes. 


Physical scanners support up to 4094 static IP routes for devices with a serial number over 29000 
and up to 99 static IP routes for devices with a serial number under 29000. 


Virtual scanners (except public/private cloud provider and offline scanner images) support up to 
4094 static IP routes. 


For more information about the currently supported Virtual and Cloud platforms, see Qualys 
Virtual Scanner Appliance: Platform Qualification Matrix. 


Configure Static Routes in the UI 


1) Log in to Qualys as a Manager, go to Scans > Appliances, select the appliance and choose Edit 
from the Quick Actions menu. 


2) Select the Static Routes tab on the left. Click New, then click OK once you have read and 
understood the warning. 
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Edit Scanner Appliance LaunchHelp A x 


amis ane Static Routes 


Versions > Edit the static route configuration for this scanner appliance. 
IPv4 Gateway IPv4 Address Name | New J 
| 
172.16.4.1 172.16.4.0/24 Management VLAN Route | Edit 
VLANs ? | Remove 
| IPv4 Gateway IPv4 Address Name | Remove.) 


| 
Static Routes > 


Comments 


3) When the Edit Route dialog box appears enter the required information and click OK. 


Edit Route Launch Help 


Route Information 


Gateway: * 172 -| 16 -14 |1 
Target * 172 | -|16 -l4 0 1 24 
Network mask is required for destination networks only 


Name: Management VLAN route 


0K | _ Cancel | 


4) Click Save once all your Add/Change/Delete operations have been completed. 


IPv6 Support for Static Routes 


The IPv6 Scanning feature must be enabled for your account. Please contact Support or your 
Technical Account Manager if you would like have this feature turned on. 


You must enable IPv6 on the scanner to add IPv6 configurations. Select “Enable IPv6 for this 
scanner” on the LAN Settings tab. 


Edit Scanner Appliance LaunchHelp A x 


General Information LAN s ettings 


IPV6 Settings 


[F] Enable IPv6 for this scanner 
ae > Note: Select this option to configure IPv6 for LAN, VLANs and Static Routes. If you clear this option after saving IPv6 configurations for 
LAN, VLANs and Static Routes, your IPv6 configurations will be deleted. 


Versions 


VLANs > 


Configure IPv6 


Automatically 


Static Routes 
Address/Prefix 


Default Gateway 
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On the Static Routes tab you'll see IPv4 and IPv6 configurations that have been configured for 
the appliance. 


Edit Scanner Appliance LaunchHelp (A x 
General Information > o 
Static Routes 
Versions > Edit the static route configuration for this scanner appliance 
ae [C IPv4Gateway IPv4 Address IPv6 AddressiPrefix  _IPv6 Gateway Name o new | 
igs 
fe80:912e2116:887e:M4 fe80:91222116:887e3 IPVERoute2 | Edit J 
an > [E 10.10.10.0 10.10.10.10  fe80:912e:21f6:887e:M3 fe80::912e:21f6:887e:M3 _Remove_| 
e | |E IPv4Gateway IPv4 Address IPv6 AddressiPrefix IPv6 Gateway Name 


Canoe | 


When you create or edit a static route, you can add IPv4 details, IPv6 details or both. 


Edit Route Launch Help 


Route Information 
Provide an IPv4 configuration for the static route, an IPv6 configuration, or both. 


IPv4 configuration 


IPv4 Gateway: 


IPv4 Address: A : s I 


Network mask is required for destination networks only 


IPv6 configuration 


IPv6 Address/Prefix: | fe80::912e:21f6:887 e:fff4 


IPv6 Gateway: fe80::912e:21f6:887 e:ffF3 


Name: IPV6Route2 
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